[CentOS] Vsftpd + ssl

Tue Nov 22 01:32:59 UTC 2005
Thomas E Dukes <edukes at alltel.net>

 

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Will McDonald
> Sent: Monday, November 21, 2005 10:55 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Vsftpd + ssl
> 
> There's a fair amount of information in the vsftpd.conf (5) 
> man page to do with enabling SSL, how to direct vsftpd to the 
> appropriate certificates etc.
> 
> There don't appear to be any concrete examples in the docs...
> 
> [wmcdonald at willspc vsftpd-2.0.1]$ pwd
> /usr/share/doc/vsftpd-2.0.1
> [wmcdonald at willspc vsftpd-2.0.1]$ grep -ir ssl * 
> Changelog:For some cases, it's better than the hassle of 
> virtual users. Idea thanks to
> Changelog:- Add OpenSSL (AUTH TLS / SSL) support for 
> encrypted control and data
> Changelog:- Improve the build system so tcp_wrappers, PAM and 
> OpenSSL can be forcibly
> Changelog:- Add SSL / TLS info to SECURITY texts.
> Changelog:- Add README.ssl
> Changelog:- Add documentation for new SSL options to vsftpd.conf.5.
> Changelog:- Add -lcrypto for the SSL build; needed for some systems!
> Thanks to Nelson
> Changelog:- Fix vsftpd.conf.5 man page error in "ssl_sslv3", 
> thanks to Etienne Chevillard
> Changelog:- Clarify licensing: I allow linking of my GPL 
> software with the OpenSSL COPYING:As copyright holder, I give 
> permission for vsftpd to be linked to the OpenSSL 
> COPYING:linked against the OpenSSL libraries. All other 
> obligations under the GPL v2 COPYING:except as expressly 
> provided under this License.  Any attempt
> FAQ:Q) Does vsftpd support SSL / TLS based encryption?
> FAQ:need to activate the ssl_enable setting. NOTE there are 
> security considerations FAQ:with this support. Please make 
> sure to read the ssl_enable section in the LICENSE:As 
> copyright holder, I give permission for vsftpd to be linked 
> to the OpenSSL LICENSE:linked against the OpenSSL libraries. 
> All other obligations under the GPL v2 
> SECURITY/TRUST:vsftpd-2.0.0 introduces SSL / TLS support 
> using OpenSSL. OpenSSL is a massive SECURITY/TRUST:control of 
> remote malicious clients. SSL / TLS is disabled by default, 
> both SECURITY/TRUST:the decision that they trust the OpenSSL 
> library. I personally haven't yet SECURITY/TRUST:formed an 
> opinion on whether I consider the OpenSSL code trustworthy.
> SECURITY/DESIGN:5) vsftpd-2.0.0 introduces SSL / TLS support 
> using OpenSSL. ALL OpenSSL SECURITY/DESIGN:user. This means 
> both pre-authenticated and post-authenticated OpenSSL 
> protocol SECURITY/DESIGN:being secure. I'm unaware of any 
> other FTP server which supports both SSL / TLS
> TODO:- Look into using GnuTLS in place of OpenSSL (more 
> compatible license).
> 
> Google might throw up some potential aid...
> 
> http://classic.tinysofa.org/documentation/index.cgi?VsftpdConfiguration
> 
> http://www.google.co.uk/search?hl=en&q=vsftpd+ssl&meta=
> 
> Will.
> 
Hello Will,

I already tried the tinysofa instructions.  I did manage to get the
certificate window to pop up once but still couldn't get it to connect.  I'm
beginning to think this is a 'client' issue as it's pretty straightforward.

I'll keep playing with it.

Thanks!!

Eddie
> 
> On 19/11/05, Thomas E Dukes <edukes at alltel.net> wrote:
> > Hello,
> >
> > Does anyone have this working?  I have been looking for a couple of 
> > hours trying to find docs on how to set this up and so far the only 
> > thing I have found is how to enable ssl in vsftpd.conf.
> >
> > TIA
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
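
Added example, not part of the original messages: a small Python check of the SSL options the thread refers to (ssl_enable, ssl_sslv3 and the related vsftpd.conf(5) settings), applying the man page's documented defaults to whatever the file leaves unset. The sample configuration and its certificate path are constructed for illustration.

```python
# Defaults for the SSL options as documented in vsftpd.conf(5), 2.0.x series.
DEFAULTS = {
    "ssl_enable": "NO", "ssl_tlsv1": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "allow_anon_ssl": "NO", "rsa_cert_file": "/usr/share/ssl/certs/vsftpd.pem",
}

# Constructed sample config; the certificate path is a placeholder.
SAMPLE_CONF = """\
# local users only, FTP over SSL/TLS
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
ssl_sslv3=YES
force_local_data_ssl=NO
rsa_cert_file=/etc/vsftpd/example.pem
"""

def parse_conf(text):
    """Parse vsftpd's option=value lines ('#' starts a comment line)."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # vsftpd allows no spaces around '=', so none are stripped
            opts[key] = value
    return opts

def audit(text):
    """Return findings about the effective SSL/TLS settings."""
    o = parse_conf(text)
    on = lambda k: o[k].upper() in ("YES", "TRUE", "1")
    if not on("ssl_enable"):
        return ["ssl_enable=NO: logins and data are sent in cleartext"]
    findings = []
    for proto in ("ssl_sslv2", "ssl_sslv3"):
        if on(proto):
            findings.append(f"{proto}=YES: obsolete protocol version accepted")
    if not on("force_local_logins_ssl"):
        findings.append("force_local_logins_ssl=NO: passwords may cross in cleartext")
    if not on("force_local_data_ssl"):
        findings.append("force_local_data_ssl=NO: data connections may be unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

With force_local_logins_ssl and force_local_data_ssl left at their defaults, a client that does not negotiate AUTH TLS is refused for local logins, which is consistent with a failure that looks like a client problem.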